NIXPKGS-2026-0018 published on 17 Jan 2026 CVE-2026-22863 updated 5 days, 9 hours ago by @LeSuisse Activity log Created automatic suggestion 5 days, 17 hours ago @LeSuisse removed 12 packages speech-denoiser openimagedenoise terraform-providers.deno python312Packages.denonavr python313Packages.denonavr haskellPackages.pandoc-sidenote terraform-providers.denoland_deno gnomeExtensions.denon-avr-controler python312Packages.bnunicodenormalizer python313Packages.bnunicodenormalizer vscode-extensions.denoland.vscode-deno home-assistant-component-tests.denonavr 5 days, 9 hours ago @LeSuisse accepted as draft 5 days, 9 hours ago @LeSuisse published on GitHub 5 days, 9 hours ago Deno node:crypto doesn't finalize cipher Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server secrets. This vulnerability is fixed in 2.6.0. Affected products deno ==< 2.6.0 Matching in nixpkgs pkgs.deno Secure runtime for JavaScript and TypeScript nixos-unstable 2.5.6 nixpkgs-unstable 2.5.6 nixos-unstable-small 2.5.6 nixos-25.05 2.2.12 nixos-25.05-small 2.2.12 nixpkgs-25.05-darwin 2.2.12 Package maintainers: 10 @06kellyjac Jack <hello+nixpkgs@j-k.io> @ofalvai Olivér Falvai <ofalvai@gmail.com> @honnip Jung seungwoo <me@honnip.page> @dotlambda Robert Schütz <rschuetz17@gmail.com> @fabaff Fabian Affolter <mail@fabian-affolter.ch> @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de> @LeshaInc Alexey Nikashkin <leshainc@fomalhaut.me> @Mic92 Jörg Thalheim <joerg@thalheim.io> @magnetophon Bart Brouns <bart@magnetophon.nl> @ratsclub Victor Freire <victor@freire.dev.br>
CVE-2026-22863 updated 5 days, 9 hours ago by @LeSuisse Activity log Created automatic suggestion 5 days, 17 hours ago @LeSuisse removed 12 packages speech-denoiser openimagedenoise terraform-providers.deno python312Packages.denonavr python313Packages.denonavr haskellPackages.pandoc-sidenote terraform-providers.denoland_deno gnomeExtensions.denon-avr-controler python312Packages.bnunicodenormalizer python313Packages.bnunicodenormalizer vscode-extensions.denoland.vscode-deno home-assistant-component-tests.denonavr 5 days, 9 hours ago @LeSuisse accepted as draft 5 days, 9 hours ago @LeSuisse published on GitHub 5 days, 9 hours ago Deno node:crypto doesn't finalize cipher Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server secrets. This vulnerability is fixed in 2.6.0. Affected products deno ==< 2.6.0 Matching in nixpkgs pkgs.deno Secure runtime for JavaScript and TypeScript nixos-unstable 2.5.6 nixpkgs-unstable 2.5.6 nixos-unstable-small 2.5.6 nixos-25.05 2.2.12 nixos-25.05-small 2.2.12 nixpkgs-25.05-darwin 2.2.12 Package maintainers: 10 @06kellyjac Jack <hello+nixpkgs@j-k.io> @ofalvai Olivér Falvai <ofalvai@gmail.com> @honnip Jung seungwoo <me@honnip.page> @dotlambda Robert Schütz <rschuetz17@gmail.com> @fabaff Fabian Affolter <mail@fabian-affolter.ch> @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de> @LeshaInc Alexey Nikashkin <leshainc@fomalhaut.me> @Mic92 Jörg Thalheim <joerg@thalheim.io> @magnetophon Bart Brouns <bart@magnetophon.nl> @ratsclub Victor Freire <victor@freire.dev.br>
pkgs.deno Secure runtime for JavaScript and TypeScript nixos-unstable 2.5.6 nixpkgs-unstable 2.5.6 nixos-unstable-small 2.5.6 nixos-25.05 2.2.12 nixos-25.05-small 2.2.12 nixpkgs-25.05-darwin 2.2.12